ID

VAR-202505-0056


CVE

CVE-2025-4270


TITLE

TOTOLINK A720R firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-004449

DESCRIPTION

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. There are unspecified vulnerabilities in the TOTOLINK A720R firmware; information may be obtained. TOTOLINK A720R is a wireless router from China's TOTOLINK Electronics. TOTOLINK A720R has an access control error vulnerability, which is caused by improper processing of the parameter topicurl in the file /cgi-bin/cstecgi.cgi. Attackers can exploit this vulnerability to cause information leakage.

Trust: 2.16

sources: NVD: CVE-2025-4270 // JVNDB: JVNDB-2025-004449 // CNVD: CNVD-2025-15235

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15235

AFFECTED PRODUCTS

vendor: totolink, model: a720r, scope: eq, version: 4.1.5cu.374

Trust: 1.0

vendor: totolink, model: a720r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a720r, scope: eq, version: a720r firmware 4.1.5cu.374

Trust: 0.8

vendor: totolink, model: a720r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a720r 4.1.5cu.374, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15235 // JVNDB: JVNDB-2025-004449 // NVD: CVE-2025-4270

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-4270
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-4270
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-004449
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-15235
value: MEDIUM

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-4270
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-004449
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-15235
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-4270
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-4270
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-004449
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15235 // JVNDB: JVNDB-2025-004449 // NVD: CVE-2025-4270 // NVD: CVE-2025-4270

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004449 // NVD: CVE-2025-4270

PATCH

title: Patch for TOTOLINK A720R Access Control Error Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/705751

Trust: 0.6

sources: CNVD: CNVD-2025-15235

EXTERNAL IDS

db: NVD, id: CVE-2025-4270

Trust: 3.2

db: VULDB, id: 307374

Trust: 1.8

db: JVNDB, id: JVNDB-2025-004449

Trust: 0.8

db: CNVD, id: CNVD-2025-15235

Trust: 0.6

sources: CNVD: CNVD-2025-15235 // JVNDB: JVNDB-2025-004449 // NVD: CVE-2025-4270

REFERENCES

url:https://www.totolink.net/

Trust: 2.4

url:https://github.com/at0de/my_vulns/blob/main/totolink/a720r/getinitcfg.md

Trust: 1.8

url:https://github.com/at0de/my_vulns/blob/main/totolink/a720r/getsysstatuscfg.md

Trust: 1.8

url:https://vuldb.com/?id.307374

Trust: 1.8

url:https://vuldb.com/?submit.563442

Trust: 1.8

url:https://vuldb.com/?ctiid.307374

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4270

Trust: 0.8

sources: CNVD: CNVD-2025-15235 // JVNDB: JVNDB-2025-004449 // NVD: CVE-2025-4270

SOURCES

db: CNVD, id: CNVD-2025-15235
db: JVNDB, id: JVNDB-2025-004449
db: NVD, id: CVE-2025-4270

LAST UPDATE DATE

2025-07-09T23:18:23.119000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-15235, date: 2025-07-08T00:00:00
db: JVNDB, id: JVNDB-2025-004449, date: 2025-05-08T05:11:00
db: NVD, id: CVE-2025-4270, date: 2025-05-07T16:38:30.767

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-15235, date: 2025-07-07T00:00:00
db: JVNDB, id: JVNDB-2025-004449, date: 2025-05-08T00:00:00
db: NVD, id: CVE-2025-4270, date: 2025-05-05T08:15:15.607